# WAF Rule ID 330701  

***  

**Alert message:** Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 1 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 



If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**



# WAF Rule ID 330702  

***  

**Alert message:** Atomicorp.com WAF Rules: CVE-2014-6271 Bash Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 1 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 



If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**



# WAF Rule ID 331702  

***  

**Alert message:** Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 6 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

**Description:**

 Atomicorp.com WAF Rules: Possible JSON-Based SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 394669  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE attempt blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334071  

***  

**Alert message:** Atomicorp.com WAF Rules: Known PHP code injection Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Known PHP code injection Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334072  

***  

**Alert message:** Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: CVE-2019-6703 Attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334073  

***  

**Alert message:** Atomicorp.com WAF Rules: Injection Attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Injection Attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 394667  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 394666  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible CryptoPHP backdoor attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312863  

***  

**Alert message:** Atomicorp.com WAF Rules: Potential Reflected File Download (RFD) Attack. 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 This rules detects when a potential reflected download attack (RFD) has been detected.



**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

http://dl.packetstormsecurity.net/papers/attack/Aspect_File_Download_Injection.pdf


# WAF Rule ID 339207  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- base64Decode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts CVE-2020-17530 RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337207  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337206  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337208  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 6 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337210  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337218  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Struts RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337211  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134) blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337209  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java remote code injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337106  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337107  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla RCE attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347195  

***  

**Alert message:** Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: PHP function in HTTP header attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392767  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible BIG_IP attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392765  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- removeComments

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Naive Java application cross scripting attack 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393664  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Gravity Forms upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393663  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress CM Download Manager RCE attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322272  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- normalisePath

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cmdownload XSS attack (CVE-2020-27344)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391235  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal pre-auth SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393766  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Error (HIDS: 8)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Options:** No active Response

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: semalt.com bot attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393669  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible DOS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 384545  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Media Manager File Upload Bypass Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393665  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:Possible W3TC and WP Super Cache PHP Code injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 378492  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 7 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Roundcube LFI vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 378497  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 7 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized Proxying of Website by .stfi.re

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 378491  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 6 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 378371  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Exploit PHP CGI command injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- removeWhitespace

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 376476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: VBulleting Code Injection Attack Blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 376416  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: W3 Total Cache vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392664  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilege Escalation Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilege Escalation Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392665  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilege Escalation Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Privilege Escalation Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381211  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \ 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 4 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MySQL Server Username/Password Disclosure Vulnerability via \

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336477  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magento Shoplift attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336478  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModX Revolution 2.3.5-pl Cross Site Scripting attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391742  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391743  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Gravity Forms 1.8.19 Shell Upload Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390751  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390753  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress REST API remote code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390755  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390766  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390767  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal Code Injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390768  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Code Injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322211  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP myEasybackup directory recursion attack 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393782  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PGP eval stdin attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393781  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress File Manager Plugin attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322121  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Live Chat File Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393780  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javascript injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Possible TC custom javascript injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334616  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Advanced Access Manager attack attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334617  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP User Avatar plugin privilege escalation attack attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393750  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajax_asyn_link LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393758  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393759  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress backup manager LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393771  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress shortcode LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393772  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress adaptive-images-script.php LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393760  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection  attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OPAC RSS Search SQL injection  attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393749  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress html2canvas proxy SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322314  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP AccessPress Themes attack (CVE-2020-25378)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322313  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP recall products plugin XSS attack (CVE-2020-25380)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322111  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Load More SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322122  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Medoa Recursion attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393666  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress brute force attempt, direct Login Missing Referer (not blocked)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 323667  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP XSS in Loginizer attack (CVE-2018-11366)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 356710  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress PHP Anywhere < 3.0.0 - Remote Code Execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322182  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322183  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce Unauthenticated Arbitrary File Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322102  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection attack against WP Good Layers Plugin (CVE-2020-27481)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322172  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Download Manager XSS attack (CVE-2013-7319)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322112  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Elementor Pro File Upload attack attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322113  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drag and Drop Upload Contact Form Code Injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322114  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Widget Importer/Export RFI attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322115  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MapPress Maps path recursion attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 383709  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: KingComposer XSS attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322222  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP CommentLuv XSS attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 303669  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 303668  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Adning PHP code injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 303768  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 303769  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Newsletter Plugin PHP objection insertion attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393767  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Arbitrary File Upload Vulnerability in Jssor Slider attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 323769  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-config file download attack via duplicator plugin blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 383769  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WooCommerce attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393769  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393768  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress ajaxServersettingschk command injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393751  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress 301bulkoptions attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347147  

***  

**Alert message:** Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Wordpress admin-ajax XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347148  

***  

**Alert message:** Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Wordpress admin-ajax Live Chat plugin XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347149  

***  

**Alert message:** Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Wordpress admin-ajax file injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347150  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress GDPR Compliance Plugin Exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347151  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347152  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347153  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347154  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Kiwi Social Plugin Exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347155  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347156  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347157  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347158  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347159  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347160  

***  

**Alert message:** Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: WordPress Admin Ajax unauthenticated plugin/extension exploit blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382245  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access attempt or probe for known vulnerable yuzo-related-post Plugin blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382241  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382242  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.login_form probe blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393743  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Service Finder Booking Local File Disclosure blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391746  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCollab 2.5.1 Unauthenticated File Upload blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391747  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391756  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WP Cherry Plugin Unauthenticated File Upload blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391748  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress LearnDash 2.5.3 File Upload

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391749  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability  blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability  blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391759  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PerfexCRM 1.9.7 a Unrestricted php5 File upload blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390747  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Boost My Campaign 1.1 Unauthenticated Administrative Access blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390769  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Theme Newspaper 6.7.1 - Privilege Escalation attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390849  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPMailer remote code execution attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390749  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla privilege escalation attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390746  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Vulnerable Joomla Simple File Upload v1.3 Access blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390745  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP malware

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390744  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla com aceftp Arbitrary File Download Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391744  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM PHP Code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391745  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SugarCRM Insecure fopen attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391741  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Roxy File Manager Shell Upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Roxy File Manager Shell Upload Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391739  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel plaintext password attack denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel plaintext password attack denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391740  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WordPress WP Mobile Detector 3.5 Shell Upload 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WordPress WP Mobile Detector 3.5 Shell Upload

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391709  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel Unauthenticated File upload attack denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Easy Hosting Control Panel Unauthenticated File upload attack denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393739  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PivotX shell upload attack denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PivotX shell upload attack denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393738  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Zenphoto RFI attack denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Zenphoto RFI attack denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393737  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PHP utility belt access denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PHP utility belt access denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393734  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS unauthenticated upload blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS unauthenticated upload blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393721  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS SSRF attack blocked  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Yeager CMS SSRF attack blocked 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393720  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Grawlix 1.0.3: Code Execution  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Grawlix 1.0.3: Code Execution 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393719  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CouchCMS 1.4.5: Code Execution attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 364577  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bigware Shop 2.3.01 File Upload Attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 344577  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Magmi file recursion attack 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 344477  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjeQtor 4.5.2 Shell Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 344479  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Centreon 2.6.1 Command Injection Vulnerability attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 343478  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Collabtive 2.0 Shell Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 343481  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vtiger CRM 6.3 Remote Code Execution attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 348476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin Navis Documentcloud XSS Vulnerability attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 348477  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck remote code injection attack 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 348478  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pluck recon phpinfon attack 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347475  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 347474  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin Memcache Remote Code Execution Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337472  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337473  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wordpress plugins Upload Filter Bypass Remote file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337474  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337475  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Fast Image Adder 1.1 Shell Upload attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337470  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress uploadify upload Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337471  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify non-media file upload violation

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: uploadify RFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393726  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WooCommerce Privilege Escalation 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WooCommerce Privilege Escalation

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393725  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WP User Frontend Plugin Unrestricted File Upload blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress WP User Frontend Plugin Unrestricted File Upload blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393723  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Blind SQLi POC blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Blind SQLi POC blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393727  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393728  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Wordpress User Meta Manager Plugin Information Disclosure attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393724  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Privilege Escalation attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Wordpress Privilege Escalation attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337469  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337479  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Revslider non-image file download Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336469  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Stored XSS Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336468  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 1 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336467  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible chained PHP array injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336460  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336459  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Plesk secret_key attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336359  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress pingback zombie attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 331358  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vbulletin zero day attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 331357  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WHMCS SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 321357  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress serialize name change attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 321356  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 388000  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Attempt to Access vulnerable FCKeditor file upload connector (Disable if you have configured this connector to require authentication) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380800  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380801  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Easter Egg Access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390760  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393756  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecode

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:e107 RFI attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390655  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SYSURL RFI attack Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390656  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: get variable RFI attack Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391760  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 395760  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310054  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2 cafelog gm-2-b2.php remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310055  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: BLNews objects.inc.php4 remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310056  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttCMS header.php remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310059  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: pmachine remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310090  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum remote include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310227  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auth.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310233  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP formmail.inc.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310234  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: download Center Lite download_center_lite.inc.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310235  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mod_mainmenu.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310236  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310238  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews header.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310240  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: votebox.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310267  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog init.inc.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310293  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: poc_root_path remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310295  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPOpenChat poc.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310297  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcNews install.php remote command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390282  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: page_tail RFI injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310237  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog backend index.php command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310268  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpWebLog links/index.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310289  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke index.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390651  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! Shoutbox Pro Component controller Local File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310274  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA index.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310337  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310392  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal/index.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310580  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Page argument RFI injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 331323  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential Owncloud information leakage attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393753  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393754  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP code injection attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393752  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LFI attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390737  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla Image Upload - Arbitrary File Upload

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 333458  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DOKEOS ce30 Authentication Bypass attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 333358  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Potential JCE image manager attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 333359  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JCE image attempt to rename image file to PHP attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391663  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391664  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: NoNumber Framework Joomla Plugin Vulnerability Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391662  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Module user SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310251  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310252  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/index.php upload authorization bypass attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310058  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttforum remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310066  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: IdeaBox file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310335  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310346  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310347  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops sections/index.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310372  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Lighthouse Squirrelcart index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310382  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: interact MX Kart index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: interact MX Kart index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310405  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin index.php convcharset parameter cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310407  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310425  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310445  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Squirrelcart index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310466  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310467  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eGroupWare tts/index.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390652  

***  

**Alert message:** Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - FreePHPBlogSoftware phpincdir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 350023  

***  

**Alert message:** Atomicorp.com WAF Rules: non-existent File Google Recon attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380005  

***  

**Alert message:** Atomicorp.com WAF Rules: PHP session cookie attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules: PHP session cookie attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310008  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail spell-check arbitrary command attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310009  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: squirrel mail theme arbitrary command attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310010  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: directory.php arbitrary command attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310045  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DNSTools administrator authentication bypass attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310049  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Blahz-DNS dostuff.php modify user attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310050  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Wiki cross site scripting attemptt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310053  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: shoutbox.php directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: shoutbox.php directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310057  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: autohtml.php directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: autohtml.php directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310061  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: guestbook remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: guestbook remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310064  

***  

**Alert message:** Atomicorp.com WAF Rules: DCP-Portal remote file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules: DCP-Portal remote file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310067  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board emailer.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board emailer.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310068  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat db_mysql.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat db_mysql.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310069  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat english.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat english.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310070  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310072  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB SE packages.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaBB SE packages.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310073  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: newsPHP Language file include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: newsPHP Language file include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310075  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board ipchat.php file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Board ipchat.php file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310077  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpGedView PGV functions.php base directory manipulation attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310078  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TUTOS path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TUTOS path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310083  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Calendar XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Calendar XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310084  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin Export.PHP File Disclosure Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310086  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310211  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum common.php direct access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum common.php direct access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310212  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Rolis guestbook insert.inc.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Rolis guestbook insert.inc.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310217  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Invision Board ipchat.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310219  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: : YaBB SE packages.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310224  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: : WAnewsletter newsletter.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310225  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: : Opt-X header.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310228  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dforum nav.php3 executable code injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310229  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310231  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB oracle.php full path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310239  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB admin_styles.php directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310241  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew lib-xmlrpcs.inc.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310242  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-activation.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310243  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-cleantables.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310244  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-autotargeting.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310245  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew maintenance-reports.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310246  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility phpads.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310247  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility remotehtmlview.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310248  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpAdsNew backwards compatibility click.php path disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310253  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: citrusdb tools/uploadcc.php credit card data upload attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310262  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310263  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB posting.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310264  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB privmsg.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310266  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mail_autocheck.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310269  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310270  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB divers.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310271  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ProjectBB Zip/divers.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310272  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebChat defines.php local file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310273  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: D-Forum nav.php3 cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310275  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA hits.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310276  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auraCMA counter.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310277  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310278  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310279  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vBulletin forumdisplay.php local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310280  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310281  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310282  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310283  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310284  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages edp_relative_path exploitation attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310287  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WAnewsletter newsletter.php local file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310288  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Typo3 translations.php local file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310307  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RUNCMS.Exoops.CIAMOS highlight.php file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310308  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TRG/CzarNews /install/* local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310313  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310314  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhotoPost showgallery.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310329  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Topic Calendar calendar_scheduler.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310338  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dream4 Koobi CMS content.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310340  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ESMI Paypal Storefront pages.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310345  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki tiki-list_faqs.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310353  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OSCommerce default.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310354  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Type3 translations.php remote file retrieval attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310355  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mambo email(article,faq,news).php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310357  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Photopost cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310366  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPcoin auxpage.php directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310378  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310379  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PaFiledb pafiledb.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310381  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPnuke modules.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310408  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart tellafriend.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310409  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_cart.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310410  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cubecart view_product.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310411  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB links.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB links.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310412  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310413  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310414  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LiteCommerce cart.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310416  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB dlman.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310417  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ModernBill news.php file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310426  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB portal.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB portal.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310437  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: All4WWW Homepage Creator index.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310440  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyAdmin phpmyadmin.css.php local file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310441  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP Nuke modules.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310442  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310443  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nukebookmarks modules.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310444  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 news.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 news.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310450  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB mod.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB mod.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310458  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine theme.php remote file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310462  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kalis Tagboard banned.php local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310465  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: netref cat_for_gen.php local file creation attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-print.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310477  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB notes module posting_notes.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310480  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310481  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN mod.php SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310482  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ideabox remote include attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ideabox remote include attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310491  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TorrentTrader SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TorrentTrader SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310499  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JGS-Portal id Variable SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390615  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393615  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyBulletinBoard SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390761  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RFI Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 314001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: downloadProtect file Disclosure of Sensitive Information Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312119  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSecurePages cfgProgdir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310492  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPmyGallery confdir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310493  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako LiveResponse SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Kayako LiveResponse SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380100  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpLDAPadmin welcome.php Arbitrary File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380101  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380102  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AutoLinks Pro File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380103  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Image File Upload Vulnerability 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380104  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php: 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpWebNotes Include File Error in php_api.php:

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380105  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS Made Simple File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS Made Simple File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380106  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum username Script Insertion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Phorum username Script Insertion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380107  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380108  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SimplePHPBplog Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380111  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aMember Pro Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380112  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CuteNews Input Validation Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CuteNews Input Validation Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380657  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible phpbb blind SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible phpbb blind SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390657  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyFAQ path recursion attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpMyFAQ path recursion attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390671  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SEO-Board SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390672  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ LinkOut 123 Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390673  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: jPortal download search SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390674  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390675  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Tag Board Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390676  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390677  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CJ Web2Mail Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390678  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: postnuke Local file inclusion via GeSHi library

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390679  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion msg_send SQL Injection Vulnerability 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390680  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SquirrelMail Address Add Plugin first Cross-Site Scripting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390681  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki forumid RFI injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390683  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: page argument metacharacter injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: page argument metacharacter injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 320001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Detail.php id SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Detail.php id SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390775  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TClanPortal id SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 320113  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaphpLesson forumid SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390686  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393300  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Peel rubid SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393376  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic mosConfig_absolute_path File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392659  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cyphor Forum SQL Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390659  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WSN Forum id SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390660  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tunez SQL Injection and Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390685  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP id variable SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310557  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ActiveCampaign SupportTrio Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 343433  

***  

**Alert message:** Atomicorp.com WAF Rules: Just in Time Virtual Patch:  SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules: Just in Time Virtual Patch:  SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 313979  

***  

**Alert message:** Atomicorp.com WAF Rules: ActiveCampaign KnowledgeBuilder SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules: ActiveCampaign KnowledgeBuilder SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 374533  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310019  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fake gif file shell attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fake gif file shell attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390205  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Coppermine Photo Gallery relocate_server.php Exposure of Configuration

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390206  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390207  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebCalendar http Response Splitting and SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390684  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zainu SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390770  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cars Portal SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cars Portal SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390083  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki XSS Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki XSS Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393382  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390208  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Remote PHP injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic Remote PHP injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390039  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vwar_root remote/local file inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vwar_root remote/local file inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on post.php 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on post.php

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390002  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on editac.php 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on editac.php

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390003  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on register.php 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB XSS attack on register.php

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390004  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391104  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390005  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBB SQL attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390006  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cur_password XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB cur_password XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390007  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390008  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390009  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 scormExport.inc.php remote command vuln

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390010  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline <= 1.7.4 XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390011  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebNews XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebNews XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390012  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390013  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebBBNewsSQL attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390015  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: qliteNEws SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: qliteNEws SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390017  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390018  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedCMS XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390019  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390020  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390021  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oxygen SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390022  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mantis XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390023  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPCollab v2.x / netOffice v2.x sendpassword.php SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390024  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sourceworkshop newsletter SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390025  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390027  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390028  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390029  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Null news Multiple SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390030  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPLiveHelper 1.8 remote command execution Xploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390031  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390032  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pixel Motion Blog SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390033  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390036  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nuked-Klan SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390038  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: G-Book g_message Script Insertion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390044  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpinfo.cgi command execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpinfo.cgi command execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390046  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: openEngine template Parameter Local File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390049  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AliPAGER ubild Cross-Site Scripting and SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390050  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MxBB Portal pafiledb Module module_root_path File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390051  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jadu CMS register.php Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390052  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenFAQ q Parameter Script Insertion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390058  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390059  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390060  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390061  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390062  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390063  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390095  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki Multiple Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390064  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress shell injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress shell injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390067  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CMS-Bandits spaw_root File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390069  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Admanager Pro exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Admanager Pro exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390071  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bible Portal Project destination File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390072  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Flipper Poll root_path File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390073  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PictureDis Products lang Parameter File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390074  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla/Mambo Weblinks blind SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390076  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic m2f_root_path File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390077  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP download incddir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390078  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390079  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390081  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: authldap Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390082  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: globalheader domain variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390092  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP default_path variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390090  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: file_upload sbp variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390091  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: viewtopic sid variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390093  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: get_infochannel root_path variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390097  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MyNewsGroups myng_root Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390100  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: pageheaderdefault sysSessionPath upload exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390101  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible vulnscan6 exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible vulnscan6 exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390102  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Socketwiz Bookmarks root_dir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390104  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390106  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390107  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mcGalleryPRO path_to_folder File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390108  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Timesheet PHP username Parameter SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390111  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: photokorn dir_path File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390112  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Somery skindir File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390113  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DokuWiki TARGET_FN directory Traversal Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390114  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Fantastic News config[script_path] File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390133  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpGroupWare Local File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390134  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ExBB Italia exbb[home_path] File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390135  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web3news PHPSECURITYADMIN_path File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390136  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpCOIN _ccfg[_pkg_path_incl] File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390154  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390156  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart XSS ATTACK 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart XSS ATTACK

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390157  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebYep webyep_sIncludePath File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390158  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Travelsized CMS setup_folder File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390161  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenBiblio File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390162  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390164  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DeluxeBB teplatefolder File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390167  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: amamber remote include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: amamber remote include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390170  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LinPHA maps_type Local File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390171  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mole viewsource.php Information Disclosure Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390173  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php cat SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php cat SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390174  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php f parameter Function Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390175  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php link inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390176  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki lost password XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki lost password XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390177  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki featured link XSS attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki featured link XSS attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393677  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiwiki listpages mysql passwd disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390178  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Webmail XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Webmail XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390179  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: gCards 1.46 SQL 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: gCards 1.46 SQL

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390181  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joovili category SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joovili category SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390182  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jokes Script category SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Jokes Script category SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390183  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress download Monitor Plugin id SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390184  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bits Listing Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Bits Listing Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390185  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SendReminders Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SendReminders Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390186  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiprint page Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: tikiprint page Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390187  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: up.php my_root Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: up.php my_root Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390188  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki tiki-graph_formula.php path recursion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390189  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tikiwiki file access and injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390190  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forcedownload file Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forcedownload file Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390191  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Config path_to_root Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Config path_to_root Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390192  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: search.php exec Injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: search.php exec Injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390194  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-download SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: wp-download SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390195  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: index.php menu_id SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390197  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: class.admin_menu_lms.php injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390198  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin_frame.php ltarget injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390199  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: FOG Forum injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: FOG Forum injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390200  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390201  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- normalisePath

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CoAST sections_file File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390202  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- normalisePath

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Lance catid SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390203  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pro Chat Rooms good SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- normalisePath

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pro Chat Rooms good SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393602  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla option argument illegal character injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390603  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla illegal characters in argument 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 6 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla illegal characters in argument

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390604  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 9 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390606  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla ARG injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390608  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla template_css ARG injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla template_css ARG injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390609  

***  

**Alert message:** Atomicorp.com WAF Rules: Joomla ARGS Cross Site Scripting Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules: Joomla ARGS Cross Site Scripting Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390611  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 11 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 330600  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: LXLabs SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: LXLabs SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 330601  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebInspect Scanner Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WebInspect Scanner Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 330603  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 330604  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: faq.php Cid ARG SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: faq.php Cid ARG SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 330605  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: search_result.php HOSTid ARG SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390627  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: possible fckeditor file upload attack (disable this rule if you use this function)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390628  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381628  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zen Cart SQL injection exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390630  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390633  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla invalid characters format variable in RSS request

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390634  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress plugin WP-Syntax Remote Command Execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390637  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390638  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zencart PHP code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390644  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MegaBook XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MegaBook XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390645  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390646  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla TagTrends variable injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390647  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390649  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390650  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible vBulletin database credentials theft

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390570  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390571  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Owl SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390757  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 PHP code injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecode

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: e107 PHP code injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390758  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sulata iSoft Local File Disclosure Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390759  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390756  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oscommerce Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 320757  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ZenCart Sql Injection Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ZenCart Sql Injection Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322100  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: admin-mail-info.php XSS attack (CVE-2016-1000146)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322101  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ultimate-instagram-feed.php XSS attack (CVE-2017-16758)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310349  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXoops index.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310324  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpSysInfo index.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390643  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Contact form XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Contact form XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390648  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde command shell XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393651  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in contactus application comments 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in contactus application comments

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 366000  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 366001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 366002  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380201  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Sodahead Polls wordpress plugin

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380202  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS exploit in Rating-Widget wordpress plugin

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 380215  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381214  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Command Injection Attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381202  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Remote Code Execution Vulnerability Exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381203  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 12 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381204  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: iBrowser Plugin Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: iBrowser Plugin Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381205  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Curltest Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381215  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dbase SQL injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Dbase SQL injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381206  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to WordPress configuration file blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381209  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Request is missing required parameters. 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress Request is missing required parameters.

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381210  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \ 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:**  

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Multiple Cross Site Scripting Vulnerabilities in \

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311291  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: 1 Flash Gallery Wordpress Plugin File Upload Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311292  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: abspath RFI Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: abspath RFI Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311293  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PhpMyAdmin setup.php RFI Exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311294  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TestLink Open Source Test Management(<= 1.9.16) Remote Code Execution attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311235  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: localjob.php Remote Code Execution attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322194  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal remote command execution blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Drupal remote command execution blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322193  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress Woocommerce SQLi blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 322192  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364) 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WordPress nexos theme XSS attack (CVE 2020-15364)

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311295  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cross site scripting attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cross site scripting attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336463  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: antMan <= 0.9.0c Authentication Bypass attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: antMan <= 0.9.0c Authentication Bypass attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336461  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 314293  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Proxy Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Proxy Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 317092  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Exchange server zero day blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 12 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Exchange server zero day blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 317091  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: search XSS attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: search XSS attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310091  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Crystal Reports crystalImageHandler.aspx directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310210  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  philboard_admin.asp authentication bypass attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  philboard_admin.asp authentication bypass attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310296  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ACS Blog search.asp cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310300  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Outlook Web Access owalogon.asp phishing redirect attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310367  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP ad_click.asp SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310368  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310370  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PortalAPP content.asp cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310475  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MetaBid item.asp SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390180  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RedDot CMS SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390196  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: links.asp SQL injection vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- base64Decode

- compressWhitespace

- hexDecode

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: links.asp SQL injection vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310000  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: web-cgi formmail 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: web-cgi formmail

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310051  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: a.pl access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: a.pl access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310089  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Awstats.pl probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Awstats.pl probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310093  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ftp.pl directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ftp.pl directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310100  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: anaconda directory transversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: anaconda directory transversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310104  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: rwwwshell.pl access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: rwwwshell.pl access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310106  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: calendar_admin.pl arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310111  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Amaya templates sendtemp.pl directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310114  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cgiforum.pl attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cgiforum.pl attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310117  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cal_make.pl directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cal_make.pl directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310119  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ustorekeeper.pl directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310121  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: alibaba.pl arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310128  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eshop.pl arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eshop.pl arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310147  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  story.pl file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  story.pl file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310181  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310204  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  roads search.pl access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  roads search.pl access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310208  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  and.pl file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  and.pl file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310254  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310255  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310256  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl local file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310257  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats.pl directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310259  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats local file system access monkey business attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: awstats local file system access monkey business attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310498  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Formmail probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Formmail probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390043  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: quizz.pl exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: quizz.pl exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391653  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible OpenMRS Remote code injection  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible OpenMRS Remote code injection 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312657  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: kerbynet command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: kerbynet command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312608  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: board.cgi command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: board.cgi command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312668  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: setup.cgi command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: setup.cgi command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312658  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco tmunblock.cgi command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312659  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: weblogin.cgi command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: weblogin.cgi command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392658  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CGI command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CGI command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 392657  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: login.cgi command injection blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: login.cgi command injection blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390653  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible XSS injection in ecommerce CGI

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: pals-cgi arbitrary file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: pals-cgi arbitrary file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310005  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cssearch.cgi arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310006  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi directory traversal attempt attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310007  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: FormHandler.cgi external site redirection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310017  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcforum.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: dcforum.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310024  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Home Free search.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310026  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: pfdispaly.cgi arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310027  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: talkback.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: talkback.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310028  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi file directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote main.cgi file directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310029  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: technote print.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310030  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXtropia webstore directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eXtropia webstore directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310031  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: shopping cart directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: shopping cart directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310032  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro Web Shell attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire Pro Web Shell attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310033  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master Index directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Armada Style Master Index directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310034  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cached_feed.cgi moreover shopping cart directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310035  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Talentsoft Web+ exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310036  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: txt2html.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: txt2html.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310037  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: store.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310038  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mrtg.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310039  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCBill whereami.cgi arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310040  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WhatsUpGold instancename overflow attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310109  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  wayboard attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  wayboard attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310110  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: commerce.cgi arbitrary file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310112  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: webspirs.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: webspirs.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310113  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: auktion.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: auktion.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310115  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: directorypro.cgi attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: directorypro.cgi attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310116  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web Shopper shopper.cgi attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Web Shopper shopper.cgi attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310118  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ttawebtop.cgi arbitrary file attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310127  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  cssearch.cgi arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  cssearch.cgi arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310129  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  loadpage.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  loadpage.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310130  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: faqmanager.cgi arbitrary file attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310131  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Home Free search.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Home Free search.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310132  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pfdisplay.cgi arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pfdisplay.cgi arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310133  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310134  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  pagelog.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310135  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  emumail.cgi NULL attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  emumail.cgi NULL attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310136  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote main.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote main.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310137  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote print.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  technote print.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310138  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Allaire Pro authenticate.cgi shell attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Allaire Pro authenticate.cgi shell attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310139  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Armada Style Master search.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Armada Style Master search.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310140  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Moreover cached_feed.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Moreover cached_feed.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310141  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310142  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Bizdbsearch bizdb1-search.cgi mail attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Error (HIDS: 8)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Bizdbsearch bizdb1-search.cgi mail attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310143  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  sojourn.cgi file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  sojourn.cgi file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310144  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  infosrch.cgi fname attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  infosrch.cgi fname attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310145  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  store.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  store.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310146  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  generate.cgi file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  generate.cgi file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310148  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  mrtg.cgi directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  mrtg.cgi directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310150  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  CCbill whereami.cgi command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  CCbill whereami.cgi command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310151  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  MDaemon form2raw.cgi overflow attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  MDaemon form2raw.cgi overflow attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310152  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WhatsUpGold _maincfgret.cgi overflow attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  WhatsUpGold _maincfgret.cgi overflow attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310250  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: includer.cgi command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: includer.cgi command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310265  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Proxy Grabber nph-env.cgi access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310301  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ads.cgi local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ads.cgi local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310484  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Agora CGI Cross Site Scripting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Agora CGI Cross Site Scripting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310486  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel remote command execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel remote command execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310488  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zeus Admin Interface XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Zeus Admin Interface XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310593  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: pdesk directory traversal and file theft 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: pdesk directory traversal and file theft

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390014  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebAPP XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: aWebAPP XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390026  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer XSS Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: X-Changer XSS Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390042  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Censtore.cgi exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Censtore.cgi exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393134  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test.fcgi or test.cgi access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310107  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hist.sh directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hist.sh directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310108  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hostscv.sh attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: bb-hostscv.sh attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310023  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310123  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: test.bat arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: test.bat arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310124  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: input.bat arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: input.bat arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310125  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: envout.bat arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: envout.bat arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310126  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: hello.bat arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310485  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Remote Command Execution via .bat files 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Remote Command Execution via .bat files

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310155  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail application.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail application.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310156  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp publisher application.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp publisher application.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310157  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail getfile.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp e-mail getfile.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310158  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp addcontent.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion exampleapp addcontent.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310160  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion fileexists.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion fileexists.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310161  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expercalc.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expercalc.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310162  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion parks detail.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion parks detail.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310163  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfappman index.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfappman index.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310164  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion beaninfo.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion beaninfo.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310165  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion evaluate.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion evaluate.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310166  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expeval access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion expeval access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310167  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion displayfile access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion displayfile access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310168  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion mainframeset.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion mainframeset.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310171  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfmlsyntaxcheck.cfm access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfmlsyntaxcheck.cfm access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310172  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion application.cfm direct access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion application.cfm direct access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310173  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion onrequestend.cfm direct access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion onrequestend.cfm direct access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310174  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion startstop.cfm DoS attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion startstop.cfm DoS attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310175  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion gettempdirectory.cfm direct access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion gettempdirectory.cfm direct access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310176  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion sendmail.cfm direct access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion sendmail.cfm direct access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310154  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfcache.map file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion cfcache.map file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310185  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino catalog.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino catalog.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310186  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domcfg.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domcfg.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310187  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domlog.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino domlog.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310188  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino log.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino log.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310189  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino names.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino names.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310190  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mab.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mab.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310191  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino cersvr.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino cersvr.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310192  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino setup.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino setup.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310193  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino statrep.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino statrep.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310194  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino webadmin.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino webadmin.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310195  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino events4.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino events4.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310196  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino ntsync4.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino ntsync4.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310197  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino collect4.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino collect4.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310198  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mailw46.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino mailw46.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310199  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino bookmark.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino bookmark.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310200  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino agentrunner.nsf access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Domino agentrunner.nsf access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310101  

***  

**Alert message:** Atomicorp.com WAF Rules: imagemap.exe overflow attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: imagemap.exe overflow attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310180  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Talentsoft Web+ source code access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310226  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microsoft Frontpage exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Microsoft Frontpage exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310728  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /pbserver/pbserver.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310529  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /iiswebagentif.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310709  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /fsms/fsmsh.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310710  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /msadc/msadcs.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310711  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /isapi/tstisapi.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310712  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /webadmin.dll exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /webadmin.dll exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 340000  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 340001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Solarwinds backdoor attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310729  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle SQL config theft attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle SQL config theft attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310713  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310714  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java App Server SOAP config theft attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310715  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Dreamweaver Information Disclosure

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310207  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PCCS MySQL database admin tool access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  PCCS MySQL database admin tool access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310218  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: : myphpPagetool pt_config.inc file inclusion attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310012  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote command attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote command attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310074  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pagetool pt_config.inc file include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Pagetool pt_config.inc file include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 336479  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress DOM XSS Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress DOM XSS Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310087  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310183  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  tomcat contextAdmin exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  tomcat contextAdmin exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310483  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: 12Planet Chat Server Path Disclosure

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390489  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390488  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nephp Publisher SQL Injection Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390487  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenEdit Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390169  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Xpoze reed SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390193  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Join.html file inclusion vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Join.html file inclusion vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373357  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DedeCMSv5 Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311098  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Revslider exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Revslider exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310098  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible WYSIJA exploit attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310097  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /wwwboard/passwd.txt access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /wwwboard/passwd.txt access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310184  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eCommerce import.txt access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  eCommerce import.txt access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310202  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Ecommerce checks.txt access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Ecommerce checks.txt access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390486  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Simple PHP Blog Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312318  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file manager database access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file manager database access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312310  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL error log access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SQL error log access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310318  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog dbBlogMX.mdb database access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310319  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Betaparticle Blog Blog.mdb database access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390485  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393485  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Sukru Alatas Guestbook Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390484  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: uguestbook Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: uguestbook Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390483  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: information Call Center Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: information Call Center Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 391487  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempted hsh.mdb file access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempted hsh.mdb file access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 311299  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Secure Contact Administrators data leak block  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Secure Contact Administrators data leak block 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310299  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Macromedia SiteSpring 500error.jsp cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390482  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine netFlow Analyzer Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390481  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: FileLister searchwhat Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310047  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic PHP application RFI exploitation attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310305  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390480  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MWChat file include Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MWChat file include Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390479  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yapig remote file include Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Yapig remote file include Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390478  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: yawp file include Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: yawp file include Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390477  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP iCalendar File Inclusion Vulnerability and XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390476  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390084  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic BBCodeFile variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390085  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic wb_class_dir variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390086  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic component_dir variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390087  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic da_path variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390088  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic spaw_root variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390089  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic sitee variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390094  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Generic root_path variable Remote File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390105  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Vivvo Article Management CMS File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390109  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CCleague Pro language Parameter Local File Inclusion

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 394150  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ff_compath File Inclusion Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390166  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: xcart remote include 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: xcart remote include

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390204  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: no_url ARG URI injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: no_url ARG URI injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 320013  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java XSS vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Java XSS vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310003  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phf access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phf access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310004  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: tsearch arbitrary file read attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: tsearch arbitrary file read attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310011  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phplib remote commanSelective REQUEST_URI|REQUEST_BODYd attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310013  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: phpBB Highlighting Code Execution Attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 312019  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server prn arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310021  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: alchemy http server NUL arbitrary command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310022  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310025  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: campus attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: campus attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310041  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Demarc SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310043  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: htgrep attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: htgrep attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310044  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: musicat empower attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: musicat empower attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310052  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: strings overflow 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: strings overflow

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310080  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPBB worm

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310081  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailto domain search possible MyDoom.M,O

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310082  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: EasyDynamicPages exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310088  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: BitKeeper arbitrary command attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: BitKeeper arbitrary command attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310092  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mailman 2.x path recursion attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mailman 2.x path recursion attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310094  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tomcat server snoop access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Tomcat server snoop access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 313098  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: webplus directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: webplus directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310099  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: websendmail access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: websendmail access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310103  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: nph-test-cgi access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: nph-test-cgi access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310120  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  htsearch arbitrary configuration file attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  htsearch arbitrary configuration file attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310122  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AltaVista Intranet search directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310177  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion debug mode access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Coldfusion debug mode access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310179  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Unify eWave UploadServlet abuse attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Unify eWave UploadServlet abuse attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310203  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Mall Log order access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Mall Log order access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310205  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  SWEditServlet directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  SWEditServlet directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310206  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  RBS ISP /newuser directory traversal attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  RBS ISP /newuser directory traversal attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310209  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Demarc SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch:  Demarc SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310285  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: readfile.tcl local file access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: readfile.tcl local file access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310298  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailman cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mailman cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310306  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: b2-include local command execution attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310836  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire JRun sample scripts access attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Allaire JRun sample scripts access attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310334  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Interspire ArticleLive newcomment.php cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310383  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: interact MX Kart mxshop SQL injection attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: interact MX Kart mxshop SQL injection attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310388  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CPG Dragonfly Coppermine cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310390  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AlstraSoft EPay Pro epal cross-site-scripting attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310419  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TowerBlog! _dat/login password hash disclosure attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310487  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS mod_plsql directory traversal

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310489  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Oracle 9iAS iSQLplus XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310592  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenCA HTML Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: OpenCA HTML Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390475  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Jakarta-Tomcat /admin Context Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390474  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Common http vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Common http vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390473  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Gurgens Guest Book Remote Database Disclosure Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390472  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: sawmill remote file access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: sawmill remote file access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390471  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail information disclosure 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail information disclosure

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390470  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail file access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Javamail file access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390469  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Community Blog Module SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Invision Community Blog Module SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390466  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline E-Learning SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Claroline E-Learning SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390465  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Forum Russian Board 4.2 Full command execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390464  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel XSS vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cpanel XSS vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390463  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion database backup file retrieval 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP-Fusion database backup file retrieval

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390601  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress cat vuln 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Wordpress cat vuln

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390461  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 310594  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: netquery 3.1 Remote Command Execution vuln

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390460  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHPlist SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390459  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: python namespace exposure with karrigell service 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: python namespace exposure with karrigell service

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390458  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Test CGI probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390457  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco IOS http configuration probe attempts 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cisco IOS http configuration probe attempts

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390455  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: man2web cgi-scripts remote command spawn 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: man2web cgi-scripts remote command spawn

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390453  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: mimicboard2 Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390452  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Mall23 eCommerce idPage SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390451  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390450  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki rev Shell Command Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390449  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: http header PHP code injection attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: http header PHP code injection attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390448  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: MediaWiki Cross-Site Scripting Vulnerabilities

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390447  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum Injection Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Phorum Injection Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390446  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Wormsign 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known Wormsign

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390445  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP Wormsign 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Known PHP Wormsign

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390444  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP XSS vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: YaPiG PHP XSS vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390441  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: HP OpenView network Node Manager Remote Command Execution Attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390440  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: RSA ACE/agent for Web image Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390439  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP config recon attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP config recon attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390438  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390437  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: eyeOS Script Insertion and Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 319003  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: cutenews shell injection vuln 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: cutenews shell injection vuln

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 319000  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attack Tool probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attack Tool probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 319001  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: EkinBoard 1.0.3 config.php SQL Injection through cookie

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390434  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PmWiki 2.0.12 Cross Site Scripting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390433  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: CommodityRentals user_id SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390432  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! mod_poll SQL Injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla! mod_poll SQL Injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390431  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: vTiger code inclusion attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: vTiger code inclusion attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390430  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AgileBill id SQL Injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390667  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Non Existent File Hack Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Non Existent File Hack Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390668  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390669  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SocketKB 1.1.x file include Vulnerability 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393657  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393658  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Saxon XSLT command execution attacks

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393659  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Orca Blog SQL injection Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390662  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Cross-Site Scripting Attempt in Host header

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390663  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nortel SSL VPN Web Interface  XSS 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Nortel SSL VPN Web Interface  XSS

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390664  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SyntaxCMS XSS vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SyntaxCMS XSS vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390665  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceComments

- replaceNulls

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390666  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SiteSage norelay_highlight_words Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390035  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TFT Gallery passwd Exposure of user Credentials

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390037  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: WEBalbum Local File Inclusion Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390040  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Help Module Remote Execution 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde Help Module Remote Execution

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390048  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: ManageEngine OpManager searchTerm Cross-Site Scripting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390066  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Horde passthru exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390099  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki non-image upload exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TikiWiki non-image upload exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390110  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TWiki filename Parameter Disclosure of Sensitive information

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390153  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Servlet Auth exposure Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Servlet Auth exposure Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390155  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart Customer Data Access 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Easy Cart Customer Data Access

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390168  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: e-Classifieds Corporate Edition db Cross-Site Scripting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390172  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Aztech ADSL2/2 remote root  

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- htmlEntityDecode

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Aztech ADSL2/2 remote root 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393204  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla token exploit

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390600  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla catid ARG SQL injection 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Joomla catid ARG SQL injection

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 393652  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JAMWiki message Cross-Site Scripting Vulnerability

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 370651  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Floating Point DoS Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Floating Point DoS Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 376419  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible Ruby on Rails XML Exploit Attempt

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 370662  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 370652  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Apache Struts Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 372356  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: a2billing Probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: a2billing Probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 345113  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA CVE-2021-26086 attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 345115  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 7 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 1 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 345114  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 9 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- cmdLine

- lowercase

- removeWhitespace

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 obfuscated attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 345117  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- cmdLine

- lowercase

- removeWhitespace

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 345118  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 1 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- removeComments

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: log4j CVE-2021-44228 broad scope obfuscated attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 375357  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Themegrill site reset attempt blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Themegrill site reset attempt blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 332751  

***  

**Alert message:** Atomicorp.com WAF Rules: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: b2evolution CMS 6.6.0 - 6.8.10 PHP code execution attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 332791  

***  

**Alert message:** Atomicorp.com WAF Rules: Apache Struts RCE Attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Alert (HIDS: 10)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Apache Struts RCE Attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 334168  

***  

**Alert message:** Atomicorp.com WAF Rules: Request content type header contains invalid characters 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 8 

**Severity:** Emergency (HIDS: 14)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules: Request content type header contains invalid characters

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390692  

***  

**Alert message:** Atomicorp.com WAF Rules - Vulnerability scanner attempting XSRF probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Vulnerability scanner attempting XSRF probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390690  

***  

**Alert message:** Atomicorp.com WAF Rules - Vulnerability scanner attempting response splitting 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Vulnerability scanner attempting response splitting

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 390691  

***  

**Alert message:** Atomicorp.com WAF Rules - Vulnerability scanner attempting SQL unescape probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- replaceNulls

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Vulnerability scanner attempting SQL unescape probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 397679  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Unauthorized attempt to access insecure BackupBuddy backup. 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 397678  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file.  Not blocked. 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 3 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

**Description:**

 

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 397680  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious. 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** pass 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to exploit command injection vulnerability in Gitorious.

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381236  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to non media file uploaded via grapfile WP plugin denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381237  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: DLINK worm probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: DLINK worm probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381238  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: /info/whitelist.pac worm probe 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: /info/whitelist.pac worm probe

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 381239  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:**  

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: XSS attack

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382238  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file execution in uploads directory denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: PHP file execution in uploads directory denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382240  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS probe denied 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- compressWhitespace

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JBOSS probe denied

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382292  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382293  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 382291  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 1 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: JIRA SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337109  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 4 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- base64Decode

- hexDecode

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337110  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- hexDecode

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337111  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 5 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- base64Decode

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: AWS SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 337181  

***  

**Alert message:** Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible memcached SSRF attack blocked 

**Rule Class:** Generic Attack Ruleset (99_asl_jitp.conf)

**Version:** 2 

**Severity:** Critical (HIDS: 9)

**HTTP Protocol Phase:** 2 

**HTTP Status:** 403 

**Action:** deny 

**Transforms:** 

- lowercase

- removeWhitespace

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible memcached SSRF attack blocked

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

